[CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?

Phelps, Matt mphelps at cfa.harvard.edu
Fri Mar 21 12:04:07 UTC 2014


On Thu, Mar 20, 2014 at 3:48 PM, Matthew Miller <mattdm at mattdm.org> wrote:

> Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore? And, would
> you care strongly if it went away (or would you just migrate to something
> else)?
>
> I bring this up because we are discussing dropping it from Fedora. This
> would be far enough in the future that it wouldn't impact RHEL 7, and
> therefore won't affect anyone here for Quite Some Time*, but here in the new
> world order of CentOS, I thought it might be useful to check with some
> actual downstream users.
>
> What do you think? Do you rely on hosts.allow/hosts.deny as a primary security
> mechanism? As defense-in-depth? Do you have policies which mandate it?
>
> Your feedback appreciated. Thanks!
>
>
> * and the standard caveats that Fedora doesn't necessarily determine the
> path for RHEL apply, of course.
>
>
> --
> Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>


We still use tcpwrappers extensively behind our firewalls to control many
things. We still have a mixed CentOS 5/6 and older Solaris environment, so
it would be a big hassle to switch to something else.

Of course, if it left Fedora today, it would still be in CentOS for years
to come, and even then we could probably build our own pretty easily, but
we'd rather not have to!


-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu


